AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities.
Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a preferred tool of choice for cybercriminals. During Trend Micro investigation of AsyncRAT infections, we observed Python scripts playing a central role in the infection chain, automating various stages of the attack. The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FIN6 returns to attack retailer point of sale systems in US, Europe
September 5, 2018
A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. On Wednesday, researchers from IBM X-Force IRIS said the attacks have been attributed to the FIN6 cybercriminal group. This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye (.PDF), ...
- New Silence hacking group suspected of having ties to cyber-security industry
September 5, 2018
At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...
- Cybersecurity researchers double SCADA vulnerability finds
September 3, 2018
Independent cybersecurity researchers found nearly double the number of vulnerabilities in supervisory control and data acquisition (SCADA) systems in the first six months of 2018 as they did in the first half of 2017, according to a new report by Japanese multinational Trend Micro, amid rising concerns about infrastructure security. The 202 holes spotted in such ...
- Attackers Abuse WMIC to Download Malicious Files
August 30, 2018
Malware authors use WMIC and a host of other legitimate tools to deliver information-stealing malware, highlighting the continued use of living off the land tactics. We recently observed malware authors using a combination of a tool found on all Windows computers and a usually innocuous file type associated with modifying and rendering XML documents. While these ...
- How hackers managed to steal $13.5 million in Cosmos bank heist
August 27, 2018
Earlier this month, reports surfaced which suggested that Cosmos Bank, India’s oldest at 112 years old, had become the victim of a cyberattack which left the institution millions out of pocket. The attack reportedly took place in two stages been August 10 – 13. According to the Hindustan Times, malware was used on the bank’s ATM server ...
- macOS users targeted by new Lazarus attack
August 23, 2018
If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...